CGIexec

Vulnerability Description

Brief description: CGIexec is a C program intended to allow arbitrary Unix commands to be entered from a web page.

Full description: CGIexec allows a remote user to execute any binary in the directory occupied by the program itself, with arbitrary arguments. No vulnerabilities are known in the program that would let users do anything more than this, but this capability alone lets the remote user violate most security policies.

Components: CGIexec

Systems: not relevant

Effect(s) of exploiting: The remote user can execute any program in the CGIbin area with arbitrary arguments.

Detecting the hole:

    1. Look for the program in the CGIbin area. If it is there, you are vulnerable.

Fixing the hole:

    1. Delete this program from the CGIbin area.

Other information:

Keywords

CGIbin, remote execution of arbitrary commands

Cataloguing

PA Classification(s): not set

RISOS Classification(s): not set

DCS Classification(s): not set

CVE Number: none -- Not in the CVE database

Exploit Information

Attack: not given

Related Information

Advisories:

Related Vulnerabilities:

Reportage

Reporting: in ()

Revision Number 1

  1. Homer Briggs (6/27/2000):
    Created entry